The Association of British Insurers has reported that 99% of claims made (207) on ABI-member cyber insurance policies in 2018 were paid. Firms which have been slow to take out cover, quietly confident in their ability to protect themselves, should keep this under review, because the risks are developing as criminals become more ingenious. The following two examples illustrate the point.

An article in the Wall Street Journal reported that the manager of a firm was tricked into transferring £200,000 to a bank account controlled by fraudsters after they used artificial intelligence soft-ware to mimic the voice of his boss.

The theft of fingerprint and face-recognition details of more than a million people used for access controls for staff of the Metropolitan Police and banks has exposed the victims to security is-sues for the rest of their lives.

We mentioned the £500,000 data breach fine on Equifax in our November 2018 and May 2019 issues. Equifax has reached a $1.4 billion class action settlement. Those responsible for information security may find it useful to review the terms of the settlement setting out business practices commitments which will be binding on Equifax for five years which cover a wide range of measures, including monitoring, vulnerability scanning, threat management, patch management, access control, legacy systems and mandatory training –and a minimum $1 billion spending on data security and related technology over five years. See

‹ Back to Publications